Help Screen lock w/Exchange server

[Stockmoose16]

My Inc is hooked up to my Exchange account, which requires a password to be entered after a certain amount of time has elapsed (no longer than 10 minutes).

The problem I'm having is that if I set the Inc's "screen timeout" to the maximum allowed (10 minutes), my bright screen stays on the entire time, burning the battery. On the other hand, if I set the "screen timeout" for 30 seconds, the screen locks and goes dark, but then every time I need to briefly use my phone, I have to enter a password, which is annoying and time consuming.

What I want to be able to do is have my screen go dark after 30 seconds, but the password protection shouldn't come on until the 10 minute mark. I downloaded "Screen Mode Widget Lite" to accomplish this, but I've found that, while this application dims the screen after 30 seconds, it also somehow circumvents the Exchange-required password altogether, even when set to "easy unlock." Thus, if I have "Screen Mode Widget lite" turned on to "Easy unlock," and my Inc's "Screen Timeout" set to the 10 minute maximum, the screen will dim after 30 seconds, but will never ask me for a password. This creates a major security hole.

Is there any way to do what I'm asking: dim the screen after 30 seconds with the password protection turning on at the 10 minute of non-use mark?

 

[cdodge]

I would like something like this to but i doubt its something that would be easy to fix. I know on my winmo phone i liked that even though the phone shut off after 30 seconds ou still didnt have to enter the password until 15 minutes has gone by.

 

[Stockmoose16]

I would like something like this to but i doubt its something that would be easy to fix. I know on my winmo phone i liked that even though the phone shut off after 30 seconds ou still didnt have to enter the password until 15 minutes has gone by.

I wrote to the developer of "Screen Mode Widget Lite" and he said it could be accomplished fairly easily and he may do it in the next update. Since it's a simple fix for developers, I'm wondering if it's already been done, and I'm just missing something in the settings/app store.

 

[cb85215]

My Inc is hooked up to my Exchange account, which requires a password to be entered after a certain amount of time has elapsed (no longer than 10 minutes).

The problem I'm having is that if I set the Inc's "screen timeout" to the maximum allowed (10 minutes), my bright screen stays on the entire time, burning the battery. On the other hand, if I set the "screen timeout" for 30 seconds, the screen locks and goes dark, but then every time I need to briefly use my phone, I have to enter a password, which is annoying and time consuming.

What I want to be able to do is have my screen go dark after 30 seconds, but the password protection shouldn't come on until the 10 minute mark. I downloaded "Screen Mode Widget Lite" to accomplish this, but I've found that, while this application dims the screen after 30 seconds, it also somehow circumvents the Exchange-required password altogether, even when set to "easy unlock." Thus, if I have "Screen Mode Widget lite" turned on to "Easy unlock," and my Inc's "Screen Timeout" set to the 10 minute maximum, the screen will dim after 30 seconds, but will never ask me for a password. This creates a major security hole.

Is there any way to do what I'm asking: dim the screen after 30 seconds with the password protection turning on at the 10 minute of non-use mark?

I would be interested in what you find.

For now, I have just installed the NoLock app which allows me to bypass locking entirely. Convienient, but not very secure

 

[elrabin]

Whether you can or can not bypass the security profile used by your company for Exchange email in my opinion is a moot point.

I'm a senior server engineer and in my opinion, you shouldn't try and bypass company security protocol for your convenience.

Yes, entering your password every time sucks, but if you're using the Droid Incredible for business and personal,thats a limitation.

A) Have your company issue you a phone specifically for business email

or

B) Live with it.

This reason is precisely why I refused the offer to put company email on my personal phone. My company would have paid for my line, but again, i don't want to merge the two.

My blackberry lives on my hip from 7am - 7pm M-F. If its before or after those hours, or on the weekend, it's on the nightstand. I will occassionally peek at it to make sure that there are no major disasters brewing, but my time is my own for the most part. I refuse to bog down my Droid Incredible with the ~200 emails per day and be called on my personal number late at night or on weekends for work stuff. Not to mention the fun of having to unlock the device with a password every time you want to use it.

Your exchange engineers have a security profile in place for a reason, liability. If you lose your phone with sensitive data on it, and you circumvented the password lock, its YOUR ass on the line. Depending on your field, you could be in hot water from the government as well.(health care, financial industries)

I can't tell you how many times our Exchange Engineers denied iPhone users access to corporate email because they don't properly support security profiles, encryption and remote wipe.

This is no different.

 

[Stockmoose16]

Whether you can or can not bypass the security profile used by your company for Exchange email in my opinion is a moot point.

I'm a senior server engineer and in my opinion, you shouldn't try and bypass company security protocol for your convenience.

Yes, entering your password every time sucks, but if you're using the Droid Incredible for business and personal,thats a limitation.

A) Have your company issue you a phone specifically for business email

or

B) Live with it.

This reason is precisely why I refused the offer to put company email on my personal phone. My company would have paid for my line, but again, i don't want to merge the two.

My blackberry lives on my hip from 7am - 7pm M-F. If its before or after those hours, or on the weekend, it's on the nightstand. I will occassionally peek at it to make sure that there are no major disasters brewing, but my time is my own for the most part. I refuse to bog down my Droid Incredible with the ~200 emails per day and be called on my personal number late at night or on weekends for work stuff. Not to mention the fun of having to unlock the device with a password every time you want to use it.

Your exchange engineers have a security profile in place for a reason, liability. If you lose your phone with sensitive data on it, and you circumvented the password lock, its YOUR ass on the line. Depending on your field, you could be in hot water from the government as well.(health care, financial industries)

I can't tell you how many times our Exchange Engineers denied iPhone users access to corporate email because they don't properly support security profiles, encryption and remote wipe.

This is no different.

As I said, I DON'T want to circumvent the password. I just want the screen not to stay on and drain the battery. My Exchange profile allows for a 10 minute screen lock time, but if I use that, my screen DOES NOT DIM for 10 minutes. This makes zero sense. Why would anyone want their screen to stay on and drain the battery while the phone is not in use?

So again, to the question, is there any way to have the password come on at the 10 minute mark while still allowing for the screen to dim at 30 seconds?

 

[mikeyuen]

Several coworkers and I have run into this same issue where we'd like to be able to turn off the screen without locking the phone UNTIL the lockout timer (dictated by Exchange) kicks in. This saves battery life and ensures you won't butt-dial your phone. Granted, you can manually turn off the screen, but like StockMoose pointed out, it's an annoyance having to type in the password on the tiny keyboard every single time you want to quickly check your e-mail. (We are Exchange/Windows engineers too who are on-call 24/7.)

For now, I highly recommend LockPicker. It allows you to turn on the unlock PATTERN that comes standard with Incredible (when you don't sync to Exchange) instead of having to TYPE in the password.

To use LockPicker, do this:
1. Remove your Exchange account from the phone.
2. Set your UNLOCK PATTERN in Menu > Settings > Security > Unlock Pattern.
3. Add your Exchange account back, which turns on the Exchange-mandated password policy.
4. Run LockPicker and enable it.

Now you can turn off your phone, and when you turn it back on, it'll ask for your UNLOCK PATTERN (simply swiping those dots) instead of having to TYPE in the Exchange-mandated password.

I have not yet tested to see if the Exchange policy (ie. 10 min lock) still kicks in (we have ours set to 1 hour, but that will likely change soon.) StockMoose, if you can, please test it on your phone since your Exchange is set to 10 mins:

1. Turn on LockPicker.
2. Leave phone on (and idle) for 10 mins and see if Exchange locks it. (I didn't want to leave my phone on for 1 hour)

I have sent an e-mail to the developer of LockPicker and requested the feature of what we're requesting in this thread. I have also made a donation to the developer to support his program because his app is the ONLY one that works (with the Unlock Pattern) and does NOT mess up the Home and Search buttons on the HTC Incredible.

Screen Mode Widget Lite and No Lock both work, but do not enable any security if you forget to turn security back on. On the Incredible, both apps also jack up the Home and Search functions over time (they stop working until you reboot your phone or turn off/uninstall the app.)

With LockPicker, at least you STILL can get the security through the unlock pattern. Although having to use the unlock pattern every time you turn on your phone, it's still more convenient than having to TYPE in the password. The only issue I have with this app is that it won't let you change the pattern until you remove Exchange, change the pattern, and add Exchange back.

[EDIT 7/20/10: I use Quick Settings to change the unlock pattern without having to remove/re-add the Exchange account back ]

LockPicker still works even after your reboot your phone.

Hope this helps.

Michael

 

[johnperkins21]

Huh. So Lockpicker lets you keep some security? Well then that's an idea.

Honestly, I'd be happy with being able to just use a different keypad for the unlock screen since our passwords have to have numbers in them, it's easiest to just use a sequence of numbers. If I could change my unlock keypad to the phone keypad, that would make it easy enough to enter the pin and I'd not be circumventing my firm's security in any way. Win-win-win.

I may check out Lockpicker though, as that sounds promising. Thanks for the tip.

 

[mikeyuen]

I have not yet tested to see if the Exchange policy (ie. 10 min lock) still kicks in (we have ours set to 1 hour, but that will likely change soon.) StockMoose, if you can, please test it on your phone since your Exchange is set to 10 mins.

We set up a separate policy on Exchange to lock after 1 minute (for testing purposes.) Sure enough, it automatically locked the screen. Turning on the phone required you to swipe the unlock pattern. Perfect!

What we also found is that if you keep LockPicker running while you change your phone to use another Exchange Client Device policy, it'll prompt you to put in a new Exchange lock password several times. So, before you implement a new policy, disable (or remove) LockPicker first. Once the new policy sets in, re-enable or re-install LockPicker.

To force a new policy to go into effect right away, simply send a new e-mail to your Exchange account. The new e-mail gets pushed to your phone (along with the new policy.)

johnperkins: Keypad would be nice too, but personally, I actually really like the pattern unlock method. See: http://www.youtube.com/watch?v=3tnnsxcienQ

TIP: if you forget your unlock pattern, simply swipe it wrong 5 times, and Android will ask you to wait 30 seconds. After that, at the very bottom of the screen you'll see something like, "Forgot pattern" link. Touch that and it'll ask for your Google Mail username and password. It'll let you reset your pattern if you type that correctly.

Hope this helps.

Michael

 

[Artietude]

I'm so glad someone pointed me to this post. I work at a HUGE company and there was no way they would change this policy. This tool is the bomb! It's such a pain when you're driving just to get to use the phone! Now that I have my pattern lock back, I'm soo happy!

(Using Lockpicker on Droid Eris)

 

[batwings1]

For what it's worth, I moved to using Toouchdown for my Exchange access for a variety of reasons (Global Address Book, better meeting request functionality, etc.). One of the unplanned benefits was that, with Touchdown, you only need to enter a password when accessing exchange email or calendar via Touchdown. Now, if I just want to make a call, I can ulock without a password. When I need access to corporate email, I have to enter a password.

Works for me.

 

[Norwegianpiglet]

Same issue with exchange account here. Followed the reciope for Autolock, which does override the security code, but the option of an unlock pattern has gone! I set the pattern after removing exchange, but the tick for pattern requirement kep disappering. So now torn between putting the code back in, as I now have No security!

 

[seerdekens]

LockPicker saved my day!
Mikeyuen. thanks for letting me now.

Steven

 

[bjanow]

...One of the unplanned benefits was that, with Touchdown, you only need to enter a password when accessing exchange email or calendar via Touchdown. Now, if I just want to make a call, I can unlock without a password. When I need access to corporate email, I have to enter a password.

Works for me.

And for me too! I'm an Exchange admin using TD and had no idea that by setting a password it would lock the phone. (Personally, I think it's ridiculous) I found it out via my iPhone users complaining that I was locking their phones. They wanted me to turn off password protection, I refused and took some shit. Too bad I say. Seems some have "jail broke" their phones to bypass and some use LockPicker but I have given them warning that they are solely responsible if something happens. If your phone is for work live with it. If not, take the account off.
But my real question is, why doesn't TD do the same thing as the EAS account on the Android or the iPhone?

 

[mikeyuen]

You're welcome, seerdekens. Also check out Quick Settings. It allows you to change the unlock pattern even with LockPicker running.

 

[redlegend]

For whatever it's worth, I've confirmed in my case that the only way to COMPLETELY bypass the password requirement without using a 3rd party app was to uncheck the "require password" box in the Mobile Device policy within Exchange 2007. Thankfully for me, as a small company, I can do what I want with it. For those that don't make the call, sounds like the 3rd party apps are your only way to go. Either that or convince your Admin's to change the time requirement to once every 24 hours or something, so that at least you only have to enter the password on your phone once a day.

 

[animalunga]

My Inc is hooked up to my Exchange account, which requires a password to be entered after a certain amount of time has elapsed (no longer than 10 minutes).

The problem I'm having is that if I set the Inc's "screen timeout" to the maximum allowed (10 minutes), my bright screen stays on the entire time, burning the battery. On the other hand, if I set the "screen timeout" for 30 seconds, the screen locks and goes dark, but then every time I need to briefly use my phone, I have to enter a password, which is annoying and time consuming.

What I want to be able to do is have my screen go dark after 30 seconds, but the password protection shouldn't come on until the 10 minute mark. I downloaded "Screen Mode Widget Lite" to accomplish this, but I've found that, while this application dims the screen after 30 seconds, it also somehow circumvents the Exchange-required password altogether, even when set to "easy unlock." Thus, if I have "Screen Mode Widget lite" turned on to "Easy unlock," and my Inc's "Screen Timeout" set to the 10 minute maximum, the screen will dim after 30 seconds, but will never ask me for a password. This creates a major security hole.

Is there any way to do what I'm asking: dim the screen after 30 seconds with the password protection turning on at the 10 minute of non-use mark?

I also had your problem and found the cause and solution for those still interested:
cause - is a policy of exchange for mobile devices which is the default, and since Android is the only one respect it (but do not know which version from, I have Jelly Bean 4.1.1), network administrators leave it so com 'is.

remedy - ask your network administrator to make the following changes:
On the Exchange Management Console / Organization Configuration / Client Access create a new policy "Android without password" and leave the previous as Default for safety
On this new policy to disable the "General / Allow non-provisionable devices" and "Password / Require password" and press OK
Then on Exchange Management Console / Recipient Configuration / Mailbox / Your account / mailbox features / Exchange ActiveSync, select the new policy in place of the default.

In this way, you lose the security of access to the device but security of access to the account remains intact, whether personalized with the new policy. For example, if someone steals your phone can see the contents of your mailbox / address book / calendar etc. .. but if someone wants to access your account from a new device he still have corporate credentials (username and password).